Ilch CMS version 2.0 suffers from a cross site scripting vulnerability.
420ff03fae255674a6f3b646bfacacb5
HP Security Bulletin HPSBMU02933 2 - A potential security vulnerability has been identified with HP SiteScope's loadFileContents SOAP features. The vulnerabilities could be exploited to allow remote code execution, arbitrary file download and Denial of Service (DoS). Revision 2 of this advisory.
37d156877d8352a827a45f3d16890d62
WordPress Barclaycart plugin suffers from a remote shell upload vulnerability.
5fe9706e8fa7260df3c05e4cf938a398
HP Security Bulletin HPSBHF02965 - A potential security vulnerability has been identified with HP Security Management System. The vulnerability could be remotely exploited to allow remote execution of arbitrary code. Revision 1 of this advisory.
37125e85c86f8dfed89cb3fabc29a047
Open Supports version 2.0 suffers from a remote blind SQL injection vulnerability.
6e0b716c2ef9bf7687d4d02c8e994eb9
HP Security Bulletin HPSBUX02973 SSRT101455 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
3b0e1ab76d06683009951ce1d4e1d678
HP Security Bulletin HPSBUX02972 SSRT101454 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
5a91261fbb5bd1fbe6bc08050788299b
PHP suffers from a user session hijacking vulnerability due to the way sessions are handled on the filesystem.
061e6d4aafcdc6a0ecf9dcc43cd1679d
SFR ADSL/Fiber BOX version NB6-MAIN-R3.3.4 suffers from 39 cross site scripting vulnerabilities.
a4f46c1f77398737ebcbe3a7530a1eb6
Gentoo Linux Security Advisory 201403-1 - Multiple vulnerabilities have been reported in Chromium and V8, the worst of which may allow execution of arbitrary code. Versions less than 33.0.1750.146 are affected.
6d06faa68b06ef65aa482461f42f0005
ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.
3a0356654dff1f7d1ae4c95198936c41
Glambombworld PHP Clone Script suffers from a header injection vulnerability. Warning: viewing the demo site is not safe for work.
9948e88ca4ca535074c8c8d11202eb50
This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead of three separate binaries in the standard technique. However, it requires the correct architecture to be selected (use x64 for SYSWOW64 systems also).
9f6c9e7bd21e11fecd6f20bbb622ea44
This Metasploit module exploits a stack-based buffer overflow vulnerability in ALLPlayer 2.8.1, caused by a long string in a playlist entry. By persuading the victim to open a specially-crafted .M3U file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows 7 SP1.
d2791d7a5dcefb9b55da526000c67857
Red Hat Security Advisory 2014-0249-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.
da13bcd322e10714dfe9dca25317645e
Ubuntu Security Notice 2127-1 - Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly handled certificate verification functions. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited with specially crafted certificates to view sensitive information.
eefd25789ab3cd0adff0d5b930267d74
The Cordova File-Transfer iOS plugin from Cordova versions 2.4.0 to 2.9.0 and the Cordova File-Transfer iOS standalone plugin (org.apache.cordova.file-transfer) versions 0.1.0 to 0.4.1 suffer from insecure default file-transfer settings.
91984fade27131e55ea4cbb070e9bad3